WHAT IS CLAIMED IS:

1. A security system for securing data in a computer network
comprising:

a plurality of user terminals coupled to the computer network;

a cryptographic device remote from the plurality of user
terminals and coupled to the computer network, wherein the
cryptographic device includes a computer executable code for
authenticating one or more users and verifying that the authenticated
user is authorized to assume a role; and

a plurality of security device transaction data for
ensuring authenticity of the one or more users, wherein each security
device transaction data is related to a user.



2. The system of claim 1, wherein the security device
transaction data related to a user is loaded into the cryptographic
device when the user requests to operate on a value bearing item.

3. The system of claim 1, wherein the assumed role includes
one or more corresponding operations to be performed by the
authenticated user.

4. The system of claim 1, wherein the assumed role is a
security officer role to initiate a key management function.

5. The system of claim 1, wherein the assumed role is a key
custodian role to take possession of shares of keys.

6. The system of claim 1, wherein the assumed role is an
administrator role to manage a user access control database.



7. The system of claim 1, wherein the assumed role is an 
auditor role to manage audit logs. 

8. The system of claim 1, wherein the assumed role is a
provider role to withdraw from a user account.

9. The system of claim 1, wherein the assumed role is a user
role to operate on a VBI.

10. The system of claim 1, wherein the assumed role is a
certificate authority role to allow a public key certificate to be
loaded and verified.



11. The system of claim 1, wherein the cryptographic device
includes a state machine for determining a state corresponding to
availability of one or more commands in conjunction with the role.

12. The system of claim 1, wherein the cryptographic device is
stateless.



13. The system of claim 1, wherein the cryptographic device
includes a computer executable code for preventing unauthorized
modification of data.

14. The system of claim 1, wherein the cryptographic device
includes a computer executable code for ensuring the proper operation
of cryptographic security and VBI related meter functions.

15. The system of claim 1, wherein at least one of the users is
an enterprise account.

16. The system of claim 1, wherein the cryptographic device
includes a computer executable code for supporting multiple
concurrent users and maintaining a separation of roles and operations
performed by each user.



17. The system of claim 2, wherein the value bearing item is
a mail piece.

18. The system of claim 17, wherein the postal indicium
comprises a digital signature.

19. The system of claim 1, wherein the cryptographic device
encrypts validation information according to a user request for
printing a VBI.



20. The system of claim 17, wherein the cryptographic device
generates data sufficient to print a postal indicium in compliance
with postal service regulation on the mail piece.



21. The system of claim 2, wherein the value bearing item is
a ticket.

22. The system of claim 2, wherein a bar code is printed on the
value bearing item.

23. The system of claim 1, wherein each security device
transaction data includes an ascending register value, a descending
register value, a respective cryptographic device ID, an indicium key
certificate serial number, a licensing ZIP code, a key token for an
indicium signing key, user secrets, a key for encrypting user
secrets, data and time of last transaction, last challenge received
from a respective client subsystem, an operational state of the
respective device, expiration dates for keys, and a passphrase
repetition list.



24. The system of claim 1, wherein each security device
transaction data includes a private key, a public key, and a public
key certificate, wherein the private key is used to sign device
status responses and a VBI which, in conjunction with a public key
certificate, demonstrates that the device and the VBI are authentic.



25. The system of claim 1 further comprising at least one more
cryptographic device remote from the plurality of user terminals
coupled to the computer network, wherein the at least one more
cryptographic device includes a computer executable code for
authenticating any of the plurality of users.



26. The system of claim 25, wherein the cryptographic device
shares a secret with the at least one more cryptographic device.

27. The system of claim 25, wherein one of the plurality of
cryptographic devices is a master device and generates a master key
set (MKS).

28. The system of claim 27, wherein the MKS includes a Master
Encryption Key (MEK) used to encrypt keys when stored outside the
device and a Master Authentication Key (MAK) used to compute a DES
MAC for signing keys when stored outside of the device.

29. The system of claim 27, wherein the MKS is exported to
other cryptographic devices by any cryptographic device.

30. A method for securing data in a computer network having a
plurality of user terminals, the method comprising the steps of:

storing information about a plurality of users using the
plurality of terminals in a database remote from the plurality of
user terminals;

securing the information about the users in the database
by one or more of cryptographic devices, remote from the plurality of
user terminals;

storing a plurality of security device transaction data,
wherein each transaction data is related to one of the plurality of
users; and

verifying that a user is authorized to assume a role.



31. The method of claim 30 further comprising the step of
loading a security device transaction data related to a user into one
of the one or more of cryptographic devices when the user requests to
operate on a value bearing item.



32. The method of claim 30 further comprising the step of
authenticating the identity of each user.



33. The method of claim 30 further comprising the steps of
verifying that the user is authorized to perform a corresponding
operation based on the assumed role.

34. The method of claim 30, wherein the assumed role is a
security officer role and the corresponding command is initiating a
key management function.

35. The method of claim 30, wherein the assumed role is a key
custodian role to take possession of shares of keys.



36. The method of claim 30, wherein the assumed role is an
administrator role to manage a user access control.

37. The method of claim 30, wherein the assumed role is an
auditor role to manage audit logs.

38. The method of claim 30, wherein the assumed role is a
provider role to authorize increasing credit for a user account.



39. The method of claim 30, wherein the assumed role is a user
role to perform expected IBIP postal meter operations.

40. The method of claim 30, wherein the assumed role is a
certificate authority role to allow a public key certificate to be
loaded and verified.

41. The method of claim 30, further comprising the step of
determining a state corresponding to availability of one or more
commands in conjunction with the roles.

42. The method of claim 41, wherein the state machine includes
one or more of an uninitialized state, an initialized state, an
operational state, an administrative state, an exporting shares
state, an importing shares state, and an error state.



43. The method of claim 30, further comprising the step of
storing data for creating an indicium, account maintenance, and
revenue protection.

44. The method of claim 30, further comprising the step of
printing a mail piece.

45. The method of claim 44, wherein the mail piece includes a
digital signature.

46. The method of claim 44, wherein the mail piece includes a
postage amount.



47. The method of claim 44, wherein the mail piece includes an 
ascending register of used postage and descending register of 
available postage. 

48. The method of claim 30, further comprising the step of
printing a ticket.

49. The method of claim 30, further comprising the step of
printing a coupon.



50. The method of claim 30, wherein the security device
transaction data includes an ascending register value, a descending
register value, a respective cryptographic device ID, an indicium key
certificate serial number, a licensing ZIP code, a key token for an
indicium signing key, user secrets, a key for encrypting user
secrets, data and time of last transaction, last challenge received
from a respective client subsystem, an operational state of the
respective device, expiration dates for keys, and a passphrase
repetition list.



51. The method of claim 30, further comprising the step of
using a private key to sign device status responses and the VBI
which, in conjunction with a public key certificate, demonstrates
that the device and the VBI are authentic.



52. The method of claim 30, further comprising the step of
sharing a secret with any of the other devices.

53. The method of claim 30, further comprising the step of
generating a master key set (MKS).

54. The method of claim 53, wherein the step of generating the
MKS comprises the steps of generating a Master Encryption Key (MEK)
used to encrypt keys when stored outside the device.

55. The method of claim 54, further comprising the step of
generating a Master Authentication Key (MAK) used to compute a DES
MAC for signing keys when stored outside of the device.



56. The method of claim 30, further comprising the step of
performing one or more of Rivest, Shamir and Adleman (RSA) public key
encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random
number generation algorithms by each of the cryptographic devices.



57. A cryptographic device for securing data on a computer
network comprising:

a processor programmed for authenticating a plurality of
users on the computer network for secure processing of a value
bearing item;

a memory for storing security device transaction data for
ensuring authenticity of a user and that the user is authorized to
assume a role, wherein the security device transaction data is
related to the one of the plurality of users;

a cryptographic engine for cryptographically protecting
data; and

an interface for communicating with the computer network.



58. The cryptographic device of claim 57, wherein the processor
is programmed to verify that the identified user is authorized to
perform an operation corresponding to an assumed role.



59. The cryptographic device of claim 57, wherein the assumed
role is a key custodian role to take possession of shares of keys.

60. The cryptographic device of claim 57, wherein the assumed
role is an administrator role to manage a user access control
database.

61. The cryptographic device of claim 57, wherein the assumed
role is a provider role to authorize increasing credit for a user
account.

62. The cryptographic device of claim 57, wherein the assumed
role is a user role to perform expected IBIP postal meter operations.

63. The cryptographic device of claim 57 further comprising a
stored secret for cryptographically protecting data.

64. The cryptographic device of claim 63, wherein the secret
is a password.

65. The cryptographic device of claim 63, wherein the secret
is a public/private key pair.

66. The cryptographic device of claim 57, wherein the value
bearing item is a postage value including a postal indicium.

67. The cryptographic device of claim 57, wherein the value 
bearing item is a ticket. 

68. The cryptographic device of claim 57, wherein the value
bearing item includes a bar code.